Microsoft

Asp.Net

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2026-40372

Medienbericht
  • EPSS 0.03%
  • Veröffentlicht 21.04.2026 19:20:50
  • Zuletzt bearbeitet 27.04.2026 19:57:39

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

8.1

CVE-2025-36854

  • EPSS 0.15%
  • Veröffentlicht 08.09.2025 13:53:08
  • Zuletzt bearbeitet 15.04.2026 00:35:42

A vulnerability ( CVE-2024-38229 https://www.cve.org/CVERecord ) exists in EOL ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to use-after-free, resulting in Remote Code Executi...

7

CVE-2025-7326

  • EPSS 0.99%
  • Veröffentlicht 08.07.2025 14:31:45
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor...

7

CVE-2025-24070

Exploit
  • EPSS 0.28%
  • Veröffentlicht 11.03.2025 16:58:54
  • Zuletzt bearbeitet 02.07.2025 14:25:46

Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.

4.3

CVE-2010-2084

  • EPSS 7.51%
  • Veröffentlicht 27.05.2010 19:00:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.

4.3

CVE-2010-2088

Exploit
  • EPSS 11.86%
  • Veröffentlicht 27.05.2010 19:00:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.

7.8

CVE-2006-1364

Exploit
  • EPSS 23.94%
  • Veröffentlicht 23.03.2006 11:06:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly reque...

5

CVE-2005-2224

Exploit
  • EPSS 8.59%
  • Veröffentlicht 12.07.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.

6.4

CVE-2005-1664

  • EPSS 22.03%
  • Veröffentlicht 18.05.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, ...

5

CVE-2005-1665

  • EPSS 34.53%
  • Veröffentlicht 18.05.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.